Enable CodeQL as SAST Tool #2112
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) 2021-2023 Valve Corporation | |
# Copyright (c) 2021-2023 LunarG, Inc. | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# | |
# Author: Lenny Komow <[email protected]> | |
# Author: Charles Giessen <[email protected]> | |
name: CI Build | |
# https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: | |
# github.head_ref is only defined on pull_request | |
# Fallback to the run ID, which is guaranteed to be both unique and defined for the run. | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
on: | |
push: | |
pull_request: | |
branches: | |
- main | |
permissions: read-all | |
jobs: | |
linux: | |
runs-on: ${{matrix.os}} | |
strategy: | |
matrix: | |
cc: [ gcc, clang ] | |
cxx: [ g++, clang++ ] | |
config: [ Debug, Release ] | |
os: [ ubuntu-20.04, ubuntu-22.04 ] | |
exclude: | |
- cc: gcc | |
cxx: clang++ | |
- cc: clang | |
cxx: g++ | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: lukka/get-cmake@latest | |
with: | |
cmakeVersion: 3.17.2 | |
- run: sudo apt update | |
- name: Install Dependencies | |
run: sudo apt install --yes --no-install-recommends libwayland-dev libxrandr-dev | |
- name: Generate build files | |
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=${{matrix.config}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D LOADER_ENABLE_ADDRESS_SANITIZER=ON -D ENABLE_WERROR=ON | |
env: | |
CC: ${{matrix.cc}} | |
CXX: ${{matrix.cxx}} | |
- name: Build the loader | |
run: cmake --build build | |
- name: Install the loader | |
run: cmake --install build --prefix build/install | |
- name: Validate pkg-config | |
run: pkg-config --validate ./build/install/lib/pkgconfig/vulkan.pc | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure | |
- name: Verify generated source files | |
run: python scripts/generate_source.py --verify external/${{matrix.config}}/Vulkan-Headers/registry | |
- name: Verify code formatting with clang-format | |
run: ./scripts/check_code_format.sh | |
- name: Verify commit message formatting | |
run: ./scripts/check_commit_message_format.sh | |
linux-no-asm: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: lukka/get-cmake@latest | |
with: | |
cmakeVersion: 3.17.2 | |
- run: sudo apt update | |
- name: Install Dependencies | |
run: sudo apt install --yes --no-install-recommends libwayland-dev libxrandr-dev | |
- name: Generate build files | |
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=Release -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D USE_GAS=OFF | |
env: | |
CC: clang | |
CXX: clang++ | |
- name: Build the loader | |
run: cmake --build build | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure -E UnknownFunction | |
linux-32: | |
runs-on: ${{matrix.os}} | |
strategy: | |
matrix: | |
cc: [ gcc, clang ] | |
cxx: [ g++, clang++ ] | |
config: [ Debug, Release ] | |
os: [ ubuntu-20.04, ubuntu-22.04 ] | |
exclude: | |
- cc: gcc | |
cxx: clang++ | |
- cc: clang | |
cxx: g++ | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: lukka/get-cmake@latest | |
with: | |
cmakeVersion: 3.17.2 | |
- name: Enable 32 bit | |
run: |- | |
sudo dpkg --add-architecture i386 | |
- name: Update packages | |
run: |- | |
sudo apt-get update | |
- name: Install Dependencies | |
run: |- | |
sudo apt install --yes --no-install-recommends gcc-multilib g++-multilib libc6:i386 libc6-dev-i386 libgcc-s1:i386 libwayland-dev:i386 libxrandr-dev:i386 | |
- name: Generate build files | |
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=${{matrix.config}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D SYSCONFDIR=/etc/not_vulkan | |
env: | |
CFLAGS: -m32 | |
CXXFLAGS: -m32 | |
LDFLAGS: -m32 | |
ASFLAGS: --32 | |
- name: Build the loader | |
run: cmake --build build | |
- name: Install the loader | |
run: cmake --install build --prefix build/install | |
- name: Validate pkg-config | |
run: pkg-config --validate ./build/install/lib/pkgconfig/vulkan.pc | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure | |
linux-32-no-asm: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: lukka/get-cmake@latest | |
with: | |
cmakeVersion: 3.17.2 | |
- name: Enable 32 bit | |
run: |- | |
sudo dpkg --add-architecture i386 | |
- name: Update packages | |
run: |- | |
sudo apt-get update | |
- name: Install Dependencies | |
run: |- | |
sudo apt install --yes --no-install-recommends gcc-multilib g++-multilib libc6:i386 libc6-dev-i386 libgcc-s1:i386 libwayland-dev:i386 libxrandr-dev:i386 | |
- name: Generate build files | |
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=Release -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D USE_GAS=OFF | |
env: | |
CFLAGS: -m32 | |
CXXFLAGS: -m32 | |
LDFLAGS: -m32 | |
ASFLAGS: --32 | |
- name: Build the loader | |
run: cmake --build build | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure -E UnknownFunction | |
windows_vs: | |
runs-on: windows-latest | |
strategy: | |
matrix: | |
arch: [ Win32, x64 ] | |
config: [ Debug, Release ] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- name: Generate build files | |
run: cmake -S. -B build -DBUILD_TESTS=ON -DUPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=${{matrix.config}} -A ${{ matrix.arch }} -D ENABLE_WERROR=ON | |
- name: Build the loader | |
run: cmake --build ./build --config ${{matrix.config}} | |
- name: Install the loader | |
run: cmake --install build --prefix build/install --config ${{matrix.config}} | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure -C ${{matrix.config}} | |
windows_vs-no-asm: | |
runs-on: windows-latest | |
strategy: | |
matrix: | |
arch: [ Win32, x64 ] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- name: Generate build files | |
run: cmake -S. -B build -DBUILD_TESTS=ON -DUPDATE_DEPS=ON -D USE_MASM=OFF -D CMAKE_BUILD_TYPE=Release -A ${{ matrix.arch }} -D ENABLE_WERROR=ON | |
- name: Build the loader | |
run: cmake --build ./build --config Release | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure -C Release -E UnknownFunction | |
# Something about Github Actions + Windows + Ninja + Unicode doesn't play nicely together. | |
# https://github.com/KhronosGroup/Vulkan-Loader/pull/1188#issuecomment-1536659318 | |
# | |
# Disable testing explicitly for Ninja. But still ensure it builds properly. | |
windows_ninja: | |
runs-on: windows-2019 | |
strategy: | |
matrix: | |
arch: [ Win32, x64 ] | |
config: [ Debug, Release ] | |
exclude: | |
- arch: Win32 | |
config: release | |
- arch: x64 | |
config: debug | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: ilammy/msvc-dev-cmd@v1 | |
with: | |
arch: ${{ matrix.arch }} | |
- name: Configure | |
run: cmake -S. -B build -DUPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=${{matrix.config}} -G "Ninja" -D ENABLE_WERROR=ON -D LOADER_USE_UNSAFE_FILE_SEARCH=ON | |
- name: Build | |
run: cmake --build ./build | |
- name: Install the loader | |
run: cmake --install build --prefix build/install | |
# Make sure clang-cl builds still succeed - used by the chromium project | |
windows_clang_cl: | |
runs-on: windows-2022 | |
strategy: | |
matrix: | |
arch: [ x64 ] | |
config: [ Release ] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: ilammy/msvc-dev-cmd@v1 | |
with: | |
arch: ${{ matrix.arch }} | |
- name: Configure | |
run: cmake -S. -B build -D UPDATE_DEPS=ON -D BUILD_TESTS=ON -D CMAKE_BUILD_TYPE=${{matrix.config}} -T "ClangCL" -D ENABLE_WERROR=ON | |
- name: Build | |
run: cmake --build ./build --config ${{matrix.config}} | |
- name: Install the loader | |
run: cmake --install build --prefix build/install --config ${{matrix.config}} | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure -C ${{matrix.config}} | |
mac: | |
runs-on: ${{matrix.os}} | |
strategy: | |
matrix: | |
config: [ Debug, Release ] | |
os: [ macos-11, macos-latest ] | |
static_build: [ BUILD_STATIC_LOADER=ON, BUILD_STATIC_LOADER=OFF ] | |
exclude: | |
- os: macos-latest | |
static_build: BUILD_STATIC_LOADER=ON | |
- config: Debug | |
os: macos-11 | |
static_build: BUILD_STATIC_LOADER=ON | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: lukka/get-cmake@latest | |
- name: Generate build files | |
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=${{matrix.config}} -D ${{matrix.static_build}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D LOADER_ENABLE_ADDRESS_SANITIZER=ON -G "Ninja" | |
env: | |
# Specify the minimum version of macOS on which the target binaries are to be deployed. | |
# https://cmake.org/cmake/help/latest/envvar/MACOSX_DEPLOYMENT_TARGET.html | |
MACOSX_DEPLOYMENT_TARGET: 10.12 | |
- name: Build the loader | |
run: cmake --build build | |
- name: Install the loader | |
run: cmake --install build --prefix build/install | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure | |
mac-no-asm: | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
static_build: [ BUILD_STATIC_LOADER=ON, BUILD_STATIC_LOADER=OFF ] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: '3.7' | |
- uses: lukka/get-cmake@latest | |
- name: Generate build files | |
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=Release -D ${{matrix.static_build}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D USE_GAS=OFF -G "Ninja" | |
env: | |
# Specify the minimum version of macOS on which the target binaries are to be deployed. | |
# https://cmake.org/cmake/help/latest/envvar/MACOSX_DEPLOYMENT_TARGET.html | |
MACOSX_DEPLOYMENT_TARGET: 10.12 | |
- name: Build the loader | |
run: cmake --build build | |
- name: Run regression tests | |
working-directory: ./build | |
run: ctest --output-on-failure -E UnknownFunction | |
gn: | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
config: [ Debug, Release ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Get depot tools | |
run: | | |
git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git depot_tools | |
echo "$GITHUB_WORKSPACE/depot_tools" >> $GITHUB_PATH | |
- name: Fetch and install headers | |
run: ./build-gn/update_deps.sh | |
- name: Generate build files | |
run: gn gen out/${{matrix.config}} --args="is_debug=true" | |
if: matrix.config != 'Release' | |
- name: Generate build files | |
run: gn gen out/${{matrix.config}} --args="is_debug=false" | |
if: matrix.config == 'Release' | |
- name: Build the loader | |
run: ninja -C out/${{matrix.config}} | |
# MinGW uses JWASM to compile the assembly code - since that isn't available on github actions, this run is disabled | |
# mingw: | |
# runs-on: windows-2022 | |
# defaults: | |
# run: | |
# shell: bash | |
# steps: | |
# - uses: actions/checkout@v3 | |
# - name: Setup ccache | |
# uses: hendrikmuhs/[email protected] | |
# with: | |
# key: mingw-ccache | |
# - uses: actions/setup-python@v4 | |
# with: | |
# python-version: '3.8' | |
# - uses: lukka/get-cmake@latest | |
# - name: GCC Version | |
# run: gcc --version # If this fails MINGW is not setup correctly | |
# - name: Configure | |
# run: cmake -S. -B build -D UPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=Release | |
# env: | |
# LDFLAGS: -fuse-ld=lld # MINGW linking is very slow. Use llvm linker instead. | |
# CMAKE_C_COMPILER_LAUNCHER: ccache | |
# CMAKE_CXX_COMPILER_LAUNCHER: ccache | |
# CMAKE_GENERATOR: Ninja | |
# - name: Build | |
# run: cmake --build build -- --quiet | |
# - name: Install | |
# run: cmake --install build --prefix build/install | |
# - name: MinGW ccache stats # The Post Setup ccache doesn't work right on MinGW | |
# run: ccache --show-stats | |
mingw-no-asm: | |
runs-on: windows-2022 | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: mingw-ccache | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.8' | |
- uses: lukka/get-cmake@latest | |
- name: GCC Version | |
run: gcc --version # If this fails MINGW is not setup correctly | |
- name: Configure | |
run: cmake -S. -B build -D UPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=Release -D ENABLE_WERROR=ON | |
env: | |
LDFLAGS: -fuse-ld=lld # MINGW linking is very slow. Use llvm linker instead. | |
CMAKE_C_COMPILER_LAUNCHER: ccache | |
CMAKE_CXX_COMPILER_LAUNCHER: ccache | |
CMAKE_GENERATOR: Ninja | |
- name: Build | |
run: cmake --build build -- --quiet | |
- name: Install | |
run: cmake --install build --prefix build/install | |
- name: MinGW ccache stats # The Post Setup ccache doesn't work right on MinGW | |
run: ccache --show-stats |